Il router in questione ha due interfacce outside con due ISP differenti.
Se configuro una stessa crypto map su entrambe le interfacce outside seccede che mi posso collegare in VPN solo sull'interfaccia dove avviene il primo collegamento VPN.
Ho provato a creare due crypto-map differenti ma il problema permane....
Tra l'altro ho anche problemi a tenere su una DMVP (con tunnel) e una VPN client sulla stessa interfaccia outside.....c'e' qualcosa che non so????
Il router e' :
Codice: Seleziona tutto
System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"
Cisco 1841 (revision 6.0) with 354304K/38912K bytes of memory.
Processor board ID FCZ101210QY
2 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Codice: Seleziona tutto
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN-CLI
key xxxxxx
pool SUB_CLIENT_VPN
acl 160
save-password
max-users 5
!
!
crypto ipsec transform-set R_W esp-3des esp-md5-hmac
!
crypto dynamic-map REMOTE 10
set transform-set R_W
!
!
!
crypto map ROAD_W client authentication list vpnusers
crypto map ROAD_W isakmp authorization list vpngroup
crypto map ROAD_W client configuration address initiate
crypto map ROAD_W client configuration address respond
crypto map ROAD_W 65535 ipsec-isakmp dynamic REMOTE
!
interface Dialer0
crypto map ROAD_W
!
interface fastethernet0/0
crypto map ROAD_W
Codice: Seleziona tutto
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN-CLI
key xxxx
pool SUB_CLIENT_VPN
acl 160
save-password
max-users 5
!
!
crypto ipsec transform-set R_W esp-3des esp-md5-hmac
crypto ipsec transform-set R_WBKP esp-3des esp-md5-hmac
!
crypto dynamic-map REMOTE 10
set transform-set R_W
!
crypto dynamic-map REMOTEBKP 10
set transform-set R_WBKP
!
!
crypto map ROAD_W client authentication list vpnusers
crypto map ROAD_W isakmp authorization list vpngroup
crypto map ROAD_W client configuration address initiate
crypto map ROAD_W client configuration address respond
crypto map ROAD_W 65535 ipsec-isakmp dynamic REMOTE
!
crypto map ROAD_WBKP local-address Dialer0
crypto map ROAD_WBKP client authentication list vpnusers
crypto map ROAD_WBKP isakmp authorization list vpngroup
crypto map ROAD_WBKP client configuration address initiate
crypto map ROAD_WBKP client configuration address respond
crypto map ROAD_WBKP 65535 ipsec-isakmp dynamic REMOTEBKP
!
!
interface Dialer0
crypto map ROAD_WBKP
!
interface fastethernet0/0
crypto map ROAD_W
Codice: Seleziona tutto
.Jan 27 08:41:29.986: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.986: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.986: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3